Description

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.

Remediation

References

CVE-2005-2612

Related Vulnerabilities

WordPress Plugin Modern Events Calendar Arbitrary File Upload (7.11.0)

Serendipity URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-5474)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000399)

PHP-Fusion Improper Privilege Management Vulnerability (CVE-2020-24949)

WordPress Plugin Pinpoint Booking System-#1 WordPress Booking SQL Injection (2.9.9.2.8)

Severity

High

Classification

CVE-2005-2612

Tags

Missing Update Known Vulnerabilities